OpenVPN Support Forum

Posted: **Sat Mar 12, 2011 6:01 pm**

My android client can connect with xp server, but ping not work.

VPN Server: 10.8.0.1
VPN Client: 10.8.0.6

LAN: 192.168.10.0
Mask 255.255.255.0
GW 192.168.10.1

VPN Net: 10.8.0.0

server.ovpn
__________
port 1194
proto udp
dev tun
dev-node TAPServer
ca ca.crt
cert Manolo.crt
key Manolo.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option WINS 192.168.10.1"
push "dhcp-option DNS 192.168.10.1"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
mute 10

client.ovpn
_________
client
dev tun
proto udp
remote 85.X.X.X 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert cliente1.crt
key cliente1.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3

Route table in windows
____________________
Destino de red Máscara de red Puerta de acceso Interfaz Métrica
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.10 25
10.8.0.0 255.255.255.252 10.8.0.1 10.8.0.1 30
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.1 1
10.8.0.0 255.255.255.0 192.168.10.1 192.168.10.10 30
10.8.0.1 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.8.0.1 10.8.0.1 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.10 192.168.10.10 25
192.168.10.10 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.10.255 255.255.255.255 192.168.10.10 192.168.10.10 25
192.168.23.0 255.255.255.0 192.168.23.1 192.168.23.1 20
192.168.23.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.23.255 255.255.255.255 192.168.23.1 192.168.23.1 20
192.168.182.0 255.255.255.0 192.168.182.1 192.168.182.1 20
192.168.182.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.182.255 255.255.255.255 192.168.182.1 192.168.182.1 20
224.0.0.0 240.0.0.0 10.8.0.1 10.8.0.1 30
224.0.0.0 240.0.0.0 192.168.10.10 192.168.10.10 25
224.0.0.0 240.0.0.0 192.168.23.1 192.168.23.1 20
224.0.0.0 240.0.0.0 192.168.182.1 192.168.182.1 20
255.255.255.255 255.255.255.255 10.8.0.1 10.8.0.1 1
255.255.255.255 255.255.255.255 192.168.10.10 192.168.10.10 1
255.255.255.255 255.255.255.255 192.168.23.1 192.168.23.1 1
255.255.255.255 255.255.255.255 192.168.23.1 5 1
255.255.255.255 255.255.255.255 192.168.182.1 192.168.182.1 1
Puerta de enlace predeterminada: 192.168.10.1

Log OpenVPN
____________

Sat Mar 12 18:46:05 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Sat Mar 12 18:46:05 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Mar 12 18:46:05 2011 Diffie-Hellman initialized with 1024 bit key
Sat Mar 12 18:46:05 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Mar 12 18:46:05 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 12 18:46:05 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 12 18:46:05 2011 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Mar 12 18:46:05 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Mar 12 18:46:05 2011 ROUTE default_gateway=192.168.10.1
Sat Mar 12 18:46:05 2011 TAP-WIN32 device [TAPServer] opened: \\.\Global\{B8AFBCC3-C576-4311-BFAE-9090428EE003}.tap
Sat Mar 12 18:46:05 2011 TAP-Win32 Driver Version 9.7
Sat Mar 12 18:46:05 2011 TAP-Win32 MTU=1500
Sat Mar 12 18:46:05 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {B8AFBCC3-C576-4311-BFAE-9090428EE003} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Sat Mar 12 18:46:05 2011 Sleeping for 10 seconds...
Sat Mar 12 18:46:15 2011 Successful ARP Flush on interface [6] {B8AFBCC3-C576-4311-BFAE-9090428EE003}
Sat Mar 12 18:46:15 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Sat Mar 12 18:46:15 2011 Route addition via IPAPI succeeded [adaptive]
Sat Mar 12 18:46:15 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Mar 12 18:46:15 2011 UDPv4 link local (bound): [undef]:1194
Sat Mar 12 18:46:15 2011 UDPv4 link remote: [undef]
Sat Mar 12 18:46:15 2011 MULTI: multi_init called, r=256 v=256
Sat Mar 12 18:46:15 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Mar 12 18:46:15 2011 IFCONFIG POOL LIST
Sat Mar 12 18:46:15 2011 Manolo,10.8.0.4
Sat Mar 12 18:46:15 2011 Initialization Sequence Completed
Sat Mar 12 18:55:53 2011 MULTI: multi_create_instance called
Sat Mar 12 18:55:53 2011 85.X.X.X:45055 Re-using SSL/TLS context
Sat Mar 12 18:55:53 2011 85.X.X.X:45055 LZO compression initialized
Sat Mar 12 18:55:53 2011 85.X.X.X:45055 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Mar 12 18:55:53 2011 85.X.X.X:45055 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Mar 12 18:55:53 2011 85.X.X.X:45055 Local Options hash (VER=V4): '14168603'
Sat Mar 12 18:55:53 2011 85.X.X.X:45055 Expected Remote Options hash (VER=V4): '504e774e'
Sat Mar 12 18:55:53 2011 85.X.X.X:45055 TLS: Initial packet from 85.X.X.X:45055, sid=b1ae253b 1458b87e
Sat Mar 12 18:55:56 2011 85.X.X.X:45055 VERIFY OK: depth=1, /C=ES/ST=CC/L=X/O=MNM/OU=Casa/CN=Manolo/emailAddress=x
Sat Mar 12 18:55:56 2011 85.X.X.X:45055 VERIFY OK: depth=0, /C=ES/ST=CC/O=MNM/OU=Casa-Cliente/CN=Manolo/emailAddress=xSat Mar 12 18:55:59 2011 85.X.X.X:45055 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 12 18:55:59 2011 85.X.X.X:45055 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 12 18:55:59 2011 85.X.X.X:45055 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 12 18:55:59 2011 85.X.X.X:45055 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 12 18:56:00 2011 85.X.X.X:45055 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Mar 12 18:56:00 2011 85.X.X.X:45055 [Manolo] Peer Connection Initiated with 85.X.X.X:45055
Sat Mar 12 18:56:00 2011 Manolo/85.X.X.X:45055 MULTI: Learn: 10.8.0.6 -> Manolo/85.X.X.X:45055
Sat Mar 12 18:56:00 2011 Manolo/85.X.X.X:45055 MULTI: primary virtual IP for Manolo/85.X.X.X:45055: 10.8.0.6
Sat Mar 12 18:56:02 2011 Manolo/85.X.X.X:45055 PUSH: Received control message: 'PUSH_REQUEST'
Sat Mar 12 18:56:02 2011 Manolo/85.X.X.X:45055 SENT CONTROL [Manolo]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,dhcp-option WINS 192.168.10.1,dhcp-option DNS 192.168.10.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

I don't understand this:

Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {B8AFBCC3-C576-4311-BFAE-9090428EE003} [DHCP-serv: 10.8.0.2, lease-time: 31536000]

Mask 252 and client 10.8.0.6. Is this the problem?

I hope you can help me
Thanks

Posted: **Mon Mar 14, 2011 9:18 am**

what do you mean "it does not work" ? From the Android client, can you ping the VPN endpoint (10.8.0.1) ? Or vice versa from the server (ping 10.8.0.6) ?

Mask 252 and client 10.8.0.6. Is this the problem?

This is perfectly normal behaviour for an OpenVPN setup with 'topology net30' mode (which is the default).

Posted: **Mon Mar 14, 2011 4:04 pm**

I can ping neither from Android client to server nor vice versa

OpenVPN Support Forum

OpenVPN winxp server android client

OpenVPN winxp server android client

Re: OpenVPN winxp server android client

Re: OpenVPN winxp server android client